Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: VoIP over IPsec

  • From: Stephen Sprunk
  • Date: Mon Feb 17 13:28:47 2003

Thus spake "Charlie Clemmer"
> Stephen, I know this is outside of Charles' original inquiry, but I'm not
> familiar with this "qos pre-classify" feature. Since we would be
> voice traffic ... at what point would you classify it? If I classify it
> before it goes into the tunnel and gets encrypted, would that
> classification last once it's encrypted? If we try to classify after it's
> been encrypted, how can we tell it's voice traffic? It seems to me that
> jitter from both the actual encryption process as well as that associated
> with basic serialization would be the potential death of VoIP in this
> scenario, but I'm not sure of the mechanisms available to help resolve that risk.

In the default IOS code path, encryption happens before QOS (and after GRE).
Modern IOS versions copy the DSCP when encapsulating/encrypting packets, so
DSCP-based QOS will still work, but IP- and port-based QOS will not.

More importantly, encryption is slow; even hardware encryption is
significantly slower than the rest of the forwarding process.  It's also
FIFO by default, meaning that large data packets can get stuck ahead of your
VoIP packets, causing jitter.

'qos pre-classify' adds a second QOS stage before encryption, which allows
you to classify packets in their unencrypted state and, more importantly,
adds PQ capability to the encryption stage.

For more information:


Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking
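
Added example, not part of the original message or of Cisco's documentation: a crypto-map configuration in which 'qos pre-classify' lets a port-based voice class keep matching traffic that is about to be encrypted, alongside a DSCP match that works either way. All names, ACL numbers, addresses, the RTP port range and the 128 kbps figure are assumptions; ISAKMP policy and keys are omitted.

```cisco
! Constructed example: names, ACL numbers, addresses, port range and
! bandwidth are assumptions. ISAKMP policy and pre-shared keys omitted.
!
! Port-based match for RTP. On IPsec traffic this only works with
! 'qos pre-classify', because the UDP header is hidden once encrypted.
access-list 101 permit udp any any range 16384 32767
!
! Traffic selected for encryption (constructed site prefixes).
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! match-any: either condition puts the packet in the voice class.
! The DSCP match survives encryption because DSCP is copied to the
! outer header; the ACL match depends on pre-classification.
class-map match-any VOICE
 match ip dscp ef
 match access-group 101
!
! Strict-priority queue for voice, fair queueing for everything else.
policy-map WAN-EDGE
 class VOICE
  priority 128
 class class-default
  fair-queue
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
! 'qos pre-classify' makes the output policy classify on the original
! (cleartext) headers of packets handled by this crypto map.
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS
 match address 110
 qos pre-classify
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN
 service-policy output WAN-EDGE
```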
